crc test question

Discussion in 'Trojan Defence Suite' started by hojtsy, Mar 20, 2004.

Thread Status:
Not open for further replies.
  1. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    I am trying to test system files crc test, by adding c:\test.exe to crcfiles.txt, and manually copying various exe files to this location and filename. Crc test never displays any error, even though I change the file. It seems to succeed. What am I doing wrong?
    -hojtsy-
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hello hojtsy and welcome,
    Hmmm, strange; for example, I have my update exe there and after an update or installing other files I get alerts about changed files... o_O
    No alerts either after the next time you start TDS?
     
  3. FanJ

    FanJ Guest

    Hojtsy,

    I tested it this way:

    I copied from my Adaware directory the file ad-aware.exe to C:\
    Then renamed it into test.exe
    Then added C:\test.exe to my crcfiles.txt
    Then ran the CRC32 test.
    Then deleted test.exe.
    Then copied from my Adaware directory the file ad-watch.exe to C:\
    Then renamed it into test.exe
    So now the file test.exe is changed.
    Then I ran the CRC32 test again.
    What do I get:
    20:56:47 [CRC32] -ALERT- File has changed: C:\test.exe

    So the CRC32 test was working as it should ! :)

    You could try that by yourself if you like.


    NOTE :

    Would you please check whether you have in your TDS sub-directory xDynamic the following sub-directory:
    TDS.data
    In that sub-dir should be the file crc32.bnk
    If you don't have that sub-dir xDynamic\TDS.data then make it by yourself manually.
    Then run the CRC32-test again.
    Then that file crc32.bnk should be in that sub-dir and the CRC32-test should work now fine.
     
  4. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    FanJ,

    This is extra fun! I used exactly the same files and order in my initial testing also! :)

    Indeed I did not have the TDS.data directory. I created it and now crc check works OK! I have definitely not deleted this dir, so it was not created initially. Now I have some questions:

    1) How is the generic user supposed to know that he should manually create the dir TDS.data?

    2) Is it that easy to fool the crc check? Somebody just deletes the TDS.data dir and TDS starts to send fake success messages!

    3) In my opinion the log message is quite a silent way to alert for crc failure of a system file. Most probably I will not notice the message if crc checking happens in my autostart scanning. Again I should manually check the TDS log after autostart scanning. :-( Isn't there some scripting trick which displays a popup dialog on a crc error?

    4) As a logical new feature in TDS-4 I suggest to check the crc also when a listed system file is executed with execution protection enabled.

    -hojtsy-
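
Question 2 in the post above describes a check that fails open: with no stored baseline, the test reports nothing at all. As an added example (not part of the thread and not TDS-3 code), this minimal Python CRC32 checker treats a missing baseline as an alert instead of a pass; the JSON baseline format, the file name `baseline.json` and the status names are assumptions made for illustration.

```python
import json, os, tempfile, zlib

def crc32_of(path):
    """CRC32 of a file's contents, read in chunks."""
    crc = 0
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            crc = zlib.crc32(chunk, crc)
    return crc & 0xFFFFFFFF

def save_baseline(files, baseline_path):
    """Record current CRCs; creates the baseline directory if it is absent."""
    os.makedirs(os.path.dirname(baseline_path), exist_ok=True)
    with open(baseline_path, "w") as f:
        json.dump({p: crc32_of(p) for p in files}, f)

def check(files, baseline_path):
    """Return (status, path) pairs. A missing baseline is an alert, never a pass."""
    if not os.path.isfile(baseline_path):
        return [("NO_BASELINE", baseline_path)]
    with open(baseline_path) as f:
        known = json.load(f)
    results = []
    for p in files:
        if not os.path.isfile(p):
            results.append(("MISSING", p))      # listed file has disappeared
        elif p not in known:
            results.append(("UNTRACKED", p))    # listed but never baselined
        elif known[p] != crc32_of(p):
            results.append(("CHANGED", p))
        else:
            results.append(("OK", p))
    return results

def demo():
    """Constructed scenario mirroring the thread's test.exe swap."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "test.exe")
        bank = os.path.join(d, "TDS.data", "baseline.json")  # hypothetical name
        with open(target, "wb") as f: f.write(b"first program")
        before = check([target], bank)      # baseline directory does not exist yet
        save_baseline([target], bank)
        clean = check([target], bank)
        with open(target, "wb") as f: f.write(b"other program")
        after = check([target], bank)
        return before[0][0], clean[0][0], after[0][0]

if __name__ == "__main__":
    print(demo())
```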
     
  5. FanJ

    FanJ Guest

    Hi Hojtsy,

    :) ;)

    I'm glad it is now working OK for you :)

    See my new thread:
    Is my CRC32-test working? A short guideline

    I have explained it there ;)


    I leave that to Wayne/Gavin/Jason to answer if they would like to do so ;)

    Cheers, Jan.
     
  6. Little Mike

    Little Mike Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    29
    Thank you FanJ,

    I had the same problem as hojtsy.

    CRC test works now.

    However, this morning, after the radius.td3 update, running CRC test flagged the changed radius.td3 file, but also renders this:

    10:21:34 [CRC32] -ALERT- File has changed: <path to TDS-3>\dcsmutex.dll

    (The path to TDS-3 has been edited in the above, by myself.)

    This dcsmutex.dll passed muster at bootup, so something changed between bootup and the successful download of radius.td3. Is a change in dcsmutex.dll normal for a download of radius.td3?

    Best regards,
    Little Mike
     
  7. FanJ

    FanJ Guest

    Hi Little Mike,

    You're welcome :)

    Yep, I too got today an updated dcsmutex.dll
    Nothing wrong with that, don't worry about it :)

    A little explanation:

    When you download/install a new Radius-file, it sometimes "contains" also an update for the following two files:
    - dcsmutex.dll (not very often, let's say once in a week on average)
    - advscan.dll (very rarely, let's say once in a month or lesser on average).
    (oops, is "lesser" an English word?)

    If you like, you can add those files (if you haven't already done so) to your crcfiles.txt:
    %TDSDIR%\advscan.dll
    %TDSDIR%\DCSmutex.dll

    If one (or two) of those files are updated by DiamondCS, then TDS-3 itself will take care that those files will be updated on your system when you update/install a new Radius-file.
    Maybe a restart of TDS-3 or reboot is necessary, depending upon circumstances (what has been updated and how).
    Even if you manually download a new Radius-file that contains an updated advscan.dll, your TDS-3 will take care of it. :)
    In the past I thought that manually downloading a new Radius-file would not give you an update for one of those files.
    I was definitely wrong ! :oops:
    Quote from Gavin:
    "Everything should be the same. You download radius.td3, the next time you reload/run TDS (or use the commandline "initradius") the new database will be loaded. Everything is unpacked and loaded - if there is an updated ADVScan.dll or dcsmutex.dll it's unpacked and overwrites the old file too."

    I hope this helps a little bit !
    Cheers, Jan.
     
  8. Little Mike

    Little Mike Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    29
    Thanks again, FanJ.

    It helps a lot. TDS-3, being a sophisticated tool, will take some getting used to on my part; but, it appears to be worth the effort to learn the details of operation.

    Best regards,
    Little Mike
     